Re: [tor-bugs] #16934 [Torsocks]: youtube-dl (recent), torsocks 2.1.0 and TBB5+ failure
#16934: youtube-dl (recent), torsocks 2.1.0 and TBB5+ failure
-----------------------+-------------------------
Reporter: sponville | Owner: dgoulet
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Torsocks | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------+-------------------------
Comment (by cypherpunks):
This seems to be a design flaw in the "SOCKS5_CMD_RESOLVE" command.
Specifically, it appears that the client sends such a command containing
the hostname to be resolved, but has no way of specifying whether it
expects an IPv4 address or an IPv6 address in response - and tor sends
back whichever address type it feels like using.

Correct me if I'm wrong, but the "RESOLVE" command seems to be a Tor-
specific thing, not a standard part of the SOCKS5 protocol. Wouldn't it
be better to limit "RESOLVE" to returning IPv4 addresses (the only type
that torsocks can currently understand, AFAICT), and add separate
"RESOLVE_V6" or "RESOLVE_V4_OR_V6" commands for the benefit of future
clients?

With that said, the other option that comes to mind is for torsocks to do
away with real IP addresses altogether, and handle all DNS names by
mapping them to fake addresses, the same way .onion names are currently
handled. Apart from perhaps wanting to allocate more than a /24 worth of
fake addresses for this purpose, is there any reason this wouldn't work?

As a practical matter, users might sometimes want to know the real IP
address of the service they're connecting to, so maybe this would make
sense as a torsocks configuration option. But I think for most
applications, the real IP address shouldn't matter, and there may be good
reasons for the application *not* to know it (e.g., CDNs that use a
different address depending on your exit node, or inadvertent leaks in
applications not designed with privacy in mind.)

As a quick fix, would it be adequate to simply replace 'if
(utils_strcasecmpend(hostname, ".onion") == 0)' with 'if (1)' in
torsocks.c?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16934#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
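
The address-family ambiguity described in the comment above, as an added example that is not part of the original message or of torsocks: a client-side parser for the reply to a RESOLVE request that takes the address length from the ATYP byte and lets an IPv4-only caller reject an IPv6 answer. It assumes the reply uses the standard SOCKS5 reply layout from RFC 1928; `parse_resolve_reply`, `struct resolve_result` and the sample byte arrays are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>            /* AF_INET, AF_INET6 */

#define ATYP_IPV4 0x01             /* address-type values from RFC 1928 */
#define ATYP_IPV6 0x04

/* Hypothetical result type for this example. */
struct resolve_result {
    int family;                    /* AF_INET or AF_INET6 */
    uint8_t addr[16];              /* 4 bytes used for IPv4, 16 for IPv6 */
    size_t addr_len;
};

/* Constructed sample replies (documentation addresses 192.0.2.1, 2001:db8::1). */
static const uint8_t sample_v4[] = { 5, 0, 0, 1, 192, 0, 2, 1, 0, 0 };
static const uint8_t sample_v6[] = { 5, 0, 0, 4, 0x20, 0x01, 0x0d, 0xb8,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0 };

/*
 * Parse a SOCKS5 reply (VER REP RSV ATYP BND.ADDR BND.PORT) to a RESOLVE
 * request. Returns 0 on success, -1 on a malformed, failed or truncated
 * reply, -2 when the reply is valid but carries an IPv6 address and the
 * caller passed accept_v6 == 0 (a client that can only handle IPv4).
 */
int parse_resolve_reply(const uint8_t *buf, size_t len, int accept_v6,
                        struct resolve_result *out)
{
    if (buf == NULL || out == NULL || len < 4)
        return -1;
    if (buf[0] != 0x05 || buf[1] != 0x00)    /* version 5, REP = succeeded */
        return -1;
    switch (buf[3]) {
    case ATYP_IPV4: out->family = AF_INET;  out->addr_len = 4;  break;
    case ATYP_IPV6: out->family = AF_INET6; out->addr_len = 16; break;
    default:        return -1;   /* a domain name is not a resolved address */
    }
    /* The length comes from ATYP, never from an assumed IPv4 size. */
    if (len < 4 + out->addr_len + 2)
        return -1;
    if (out->family == AF_INET6 && !accept_v6)
        return -2;
    memset(out->addr, 0, sizeof(out->addr));
    memcpy(out->addr, buf + 4, out->addr_len);
    return 0;
}
```

A distinct return code for "valid reply, unsupported family" lets the caller report the mismatch instead of treating the first four bytes of an IPv6 address as an IPv4 one.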